RSA Conference 2017 Asia Pacific and Japan (#RSAC) in Singapore was a success, with cyber security experts from around the world gathering to learn and share insights with one another. The conference had very notable presenters, including Rohit Ghai, President at RSA Security; Dr Hugh Thompson, CTO at Symantec; and Diana Kelley, Global Executive Security Advisor at IBM Security.
Each speaker brought a unique perspective that provided more clarity about the future of cyber security globally. Below you will find a recap of the key takeaways from their presentations and what you can do next to stay up to date with cyber security.
Rohit Ghai | Precision Based Cyber Security
“For decades, we have bemoaned the attacker’s advantage. Now, it’s time to figure out our sustainable advantage.” – Ghai
Rohit Ghai, President at RSA Security, emphasized the ways cyber defenders can now stay ahead of the cyber attacker. He stressed that defenders need to become more familiar with, and work closely with, the business’s stakeholders. The power of a unified network is the strongest defense against cyber attacks. Mr. Ghai had several recommendations, most of which emphasized the people side of security. He recommended that risk always be visible to the board and actively managed. Another important note he made was that there is no such thing as a one-size-fits-all security solution. Ensuring there is security by design throughout your network was another important recommendation of his. His most important recommendation, though, was to make sure communication skills are sharpened. This meant using language accessible to everyone and quantifying security risk to display how dire things really are.
Dr Hugh Thompson | Key to Progress: Analytics
“If analytics is applied to the right problem, it can make a massive and very personal difference, an important societal difference.” – Dr Thompson
Chief Technology Officer at Symantec, Dr Hugh Thompson, had a very optimistic view of the future of cyber security and the part that analytics will play. Dr Thompson emphasized the need to think more creatively about what analytics can do beyond task automation. He then used the example of how a label gives people enough data to make an informed decision, which rings familiar if you have heard of the Cyber Shield legislation. Another important point that Dr Thompson mentioned was what analytics provides beyond finding an incident: a security incident provides information about what conditions and scenarios make a company and sector vulnerable. His closing argument was that the cyber security sector has a long way to go in terms of understanding all the creative possibilities that analytics unlocks.
Diana Kelley | Stop Repeating the Past!
“As we build new systems and new solutions, think about whether you’ve remembered the lessons of the past – have you built security in?” – Kelley
Diana Kelley, Global Executive Security Advisor at IBM, delivered a very important presentation that needed to be made. Kelley discussed the Groundhog Day repetition that the cyber security industry seems to be caught in. The veteran security advisor contrasted collaboration maturity between attackers and cyber security professionals: attackers are very well organized, while cyber security professionals are not that well coordinated. She pointed out how this impacts companies: the last few attacks used old techniques from years ago, which cyber security professionals could have done a better collective job of preventing. In the end, Kelley listed essentials that security professionals need to put into practice. These essentials include using a network-wide patching solution, maintaining a current data asset inventory, staying up to date on security intelligence, ensuring controls are implemented, and ensuring an incident response plan is in place.
These speakers came and delivered some optimistic and necessary critiques of the cyber security sector. There is much work for us all to do. If you would like to stay up to date on the latest insights in information and cyber security, you should subscribe to IT Security Central.